Bug#666851: Apache2 2.4 transition postponed until after Wheezy

2012-05-17 Thread Stefan Fritsch
Hi, we have decided to postpone the transition to apache2 2.4. The main blocker is that mod_perl needs a major new upstream release which very likely won't be ready in time for Wheezy and we don't want to release Wheezy without mod_perl. The transition will probably happen shortly after the

Bug#523054: NMU

2009-05-30 Thread Stefan Fritsch
; urgency=high + + * Non-maintainer upload by the security-team. + * CVE-2008-5519: Fix information disclosure vulnerability when clients +abort connection before sending POST body (closes: #523054). + + -- Stefan Fritsch s...@debian.org Sat, 30 May 2009 15:49:20 +0200 + libapache-mod-jk (1

Bug#423435: CVE-2007-1858: insecure default SSL cipher configuration in Apache Tomcat

2007-05-11 Thread Stefan Fritsch
Package: tomcat5 Version: 5.0.30-12 Severity: normal Tags: security A vulnerability has been found in Tomcat: CVE-2007-1858: The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the

Bug#411988: libswt3.2-gtk-jni 3.2.1-5 depends on libc6 (= 2.5) and is uninstallable

2007-02-22 Thread Stefan Fritsch
Package: libswt3.2-gtk-jni Version: 3.2.1-5 Severity: serious The following packages are BROKEN: libswt3.2-gtk-jni The following packages will be upgraded: eclipse eclipse-jdt eclipse-jdt-gcj eclipse-pde eclipse-pde-gcj eclipse-platform eclipse-platform-gcj eclipse-rcp eclipse-rcp-gcj

Bug#391202: patch

2006-10-15 Thread Stefan Fritsch
Changing debian/patches/04_build_manifest.patch to the attached patch allows the package to build. But I have not tested the resulting package. --- build.xml.old 2005-08-21 11:08:56.0 +0200 +++ build.xml 2005-08-21 11:09:13.0 +0200 @@ -47,7 +47,7 @@ /target target

Bug#391202: patch for NMU

2006-10-15 Thread Stefan Fritsch
A NMU should be uploaded with the attached patch. diff -u libdtdparser-java-1.21a/debian/patches/04_build_manifest.patch libdtdparser-java-1.21a/debian/patches/04_build_manifest.patch --- libdtdparser-java-1.21a/debian/patches/04_build_manifest.patch +++

Bug#393073: jetty should not reenter testing until some security issues have been checked

2006-10-14 Thread Stefan Fritsch
Package: jetty Version: 5.1.10-2 Severity: grave Tags: security Some security issues have been found in jetty 6: CVE-2006-2759: jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case

Do CVE-2006-2758 and CVE-2006-2759 affect jetty 5?

2006-08-06 Thread Stefan Fritsch
Hi, some security issues have been found in jetty 6. Please check whether these issues affect jetty in Debian. Maybe CVE-2006-2758 has been fixed in 5.1.10-1? Thanks for your help. Cheers, Stefan == Name: CVE-2006-2758 Status: Candidate